CSA

Computer Software Assurance. FDA's risk-based reframing of software validation: assurance effort proportional to patient and quality risk.

CSA asks one question of every feature: what happens to the patient or the product if this fails? High-risk functions earn scripted, evidenced testing. Lower-risk functions earn unscripted or exploratory testing with a lightweight record. The total assurance stays the same; the ceremony shrinks where it never paid rent.

The guidance also rehabilitates two underused ideas: critical thinking as a documented activity, and supplier evidence as something you may actually lean on instead of retesting from scratch. CSA is best read not as less validation but as validation with the effort moved to where failure hurts.

Related terms

CSV GAMP 5 Risk assessment

Go deeper

All CSV

CSV/Jun 2, 2026/8 min

CSA is not the end of CSV. It is CSV finally done right.

FDA's Computer Software Assurance guidance was read by half the industry as permission to stop validating. The other half read it correctly.

CSV/May 21, 2026/7 min

The GAMP 5 software categories, explained like a human

Category 3, 4 or 5 decides how much validation work you are signing up for. Here is how to call it correctly, with a tool that does the asking.